Forum: Ruby on Rails Redirect\Cookie bug with MSIE 5.5sp2

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
82da8756017e461cf1e6c3d9f85e59a1?d=identicon&s=25 Gavin Montague (Guest)
on 2006-06-06 13:46
(Received via mailing list)
Hello all,

There seems to be a bug in internet explorer 5 where a redirect
causes the session to be lost.

A controller says....

   def login
     case @request.method
       when :post
          if @session[:user] = User.authenticate(@params
[:user_login], @params[:user_password])
             return redirect_to(:action=>'send_confirmation') unless
@session[:user].confirmed?
             flash[:notice] = "Welcome back, " + @session
[:user].display_name
             redirect_back_or_default "/"
          else
             flash.now[:notice]  = "Sorry, we couldn't log you in
with that information.  Please check your details and try again."
             @login = @params[:user_login]
          end
       end
   end

And it works fine with all browsers but MSIE 5.5sp2 where the user IS
logged in but on arrival at the redirect page the session is lost.
You can see this bug in action if you try to use the wretched browser
to log into a tadalist (for example).

Can anyone suggest a work around to allow 5.5 users to keep workable
sessions with a Rails app?

Thanks,
	Gavin
82da8756017e461cf1e6c3d9f85e59a1?d=identicon&s=25 Gavin Montague (Guest)
on 2006-06-08 11:59
(Received via mailing list)
To answer my own question and pose another.  Yes, there is a bug.

MSIE 5 loses cookies on a header based 30x redirect.  This is why the
browser can't log in to any rails app I've tried it on.

I know MSIE 5 is a crappy browser and is 37signals famously (geek
famously, anyway) don't support it but sadly clients aren't quite so
bleeding edge as to give up on a browser a mere 7 years old.

Anyway, this is the best I can come up with.  It relies on a sniffer,
which is bad practice so I'm not about to suggest that anyone use it
but I thought I'd post it and see if anyone can improve on it or
shoot me down.

Thanks,
   Gavin

class ApplicationController < ActionController::Base

    def redirect_to(options={}, *parameters_for_method_reference)
       if request.env['HTTP_USER_AGENT'] =~ /MSIE 5\./
          url = url_for(options, *parameters_for_method_reference)
          return render(:text=>"<html><head><meta http-
equiv='refresh' content='0;url=#{url}'></head><body></body></html>")
       end
       super(options, *parameters_for_method_reference)
    end

end
This topic is locked and can not be replied to.